US Congressional Hearing Features Hikvision

Published Jan 31, 2018 17:55 PM

A US Congressional hearing asked questions about Hikvision's government ownership and cybersecurity issues, following the WSJ's investigations into Hikvision.

Plus, Hikvision has issued a 'special bulletin' response to their dealers.

In this note, we examine the US Congressional hearing, share key clips from it, review Hikvision's response and the outlook going forward.

US Congressional *******

*** ** ************* ********* ** ***** ******** held * ******* ****** "***** ******** Information *******: ********* ******* ***** *******" [link ** ****** *********] ** ******* 30th.

*** ******** ** *** ********* **** his ******* ******* ** **** *** 'foreign *** ******' *** *********:

** *** *&*, *** ******** **** asked ********* ***** *********'* ******* ********** ownership *** ************* ****** ** ***:

******* *-**** ******* ***** *********** ******** *****:

Response - "********* ************ ******** ***** *******"

********* **** ******* '******* ********' ***** later *** **** *** ****** "********* ************ Supports ***** *******":

*********'* ***** ******* *** *********'* ******** on *********'* ********** *********, ****** ******** on ******* **** ** ******* ******* cyber ******* *** ***************.

Good *** *********

*** **** **** *** ********* ********:

  • **** *** ********* ******** ******* ** Hikvision. *** ***** ********* *** ***.
  • *** ******** *** ********* ** ********* were ******* *** *** *** **** or ***** *** **** *******.
  • **** *** ** *** ***** ******** Committee ****** **** ******* ** ********-******* **** which ***** ***** **** ******** *** Hikvision.

Bad *** *********

*** *** **** ** **** ***********, DHS *** *** (**** **********) **** talking ***** *********. *** **** ********* to *********'* ******* ******* ********** *******, the **** **** *** *********'* ****** efforts ** *** ****** ******

*******

 

*** *** ****** ** **** ******* next. ** **** ** ****** *** Congressman ****** ** **** * ***** and ** *** **** ** ** cares, **** ***** **** **** * blip *** *********. *******, ** **** US ********** ********* ***** ***** ********* *** the ******* ** ***** ** *** US, **** ***** ** *** ********* of * ***** ******* *** *** Chinese **********-***** *******. **** **** ****.

Comments (9)
Undisclosed End User #1
Jan 31, 2018

IPVM, great job covering topics that are important to our industry.

Before I comment any further, I'm going to switch over to SSI's website and read more about this blow to Hikvision... (never to return)

John Tran
Jan 31, 2018

This hearing did not include any discussion of the national security threat the US may face because of Chinese government ownership of Hikvision. The comment about 40% ownership made it sound like the security flaw is due to the fact that the company was owned by the Chinese government.

John Honovich
Feb 03, 2018
IPVM

Update: SIW did a post covering this: Congressional committee confronts effects of cyber crime on small businesses, key quote from Hikvision's Chuck Davis:

"To put this in a broader context, finding vulnerabilities is not a reflection of the company’s commitment to security—fixing them is, which is why we worked with DHS throughout the process and issued the firmware update in March 2017—two months before the DHS issued its ICS-CERT. DHS acknowledged that the firmware update that has been readily available on our website since mid-March resolves the vulnerability."

That is a fascinating perspective since simply having a magic string backdoor raises grave concerns about the company's lack of commitment or competency in cybersecurity. Also, the reason Hikvision released the fix so soon was because we told Hikvision that IPVM was going to report on it immediately in March.

Bas Poiesz
Feb 03, 2018

They fixed it because Solely because IPVM would report it? I think you’re overestimating your impact John.

If there is someone who influenced it, it is the source that found it and reported it, not the one reporting on the reported problem.

John Honovich
Feb 03, 2018
IPVM

Jonathan, I said they "released the fix so soon" because of IPVM. That your counter to that is "They fixed it because Solely because IPVM" is intellectually incoherent.

Below is the email I sent to them on March 10 saying that we were publishing on Monday March 13th.

Sunday, March 12th, they emailed their dealers with the now clearly deceptive Hikvision 'Privilege-Escalating' Security Vulnerability notice.

"I think you’re overestimating your impact John."

Actually, the opposite. Hikvision executives routinely blame IPVM for all of their public problems, literally. Various execs report this back to me. Hikvision has said similar to me. That noted, I disagree, the cause of their problems is mostly their factual Chinese government ownership and their poor historic approach to cybersecurity.

Bas Poiesz
Feb 05, 2018

I was referring to your own statement above:

"Also, the reason Hikvision released the fix so soon was because we told Hikvision that IPVM was going to report on it immediately in March."

 

John Honovich
Feb 05, 2018
IPVM

I know what you were referring to Jonathan. That is exactly my point. I said it was the reason they "released the fix so soon", I never claimed, as you alleged, "They fixed it because Solely because IPVM".

Jay Hobdy
Feb 03, 2018
IPVMU Certified

Actually it is pretty apparent that IPVM has an impact on Hik. I have seen some of the posts where Hik refers to an online magazine. It is not hard to connect the dots.

 

 

John Honovich
Feb 03, 2018
IPVM

Related: 

Though, in the last few months, Hikvision has reduced public attacks against IPVM but certainly not because they like us any better. I believe they realized that their attacks were actually helping us.
